A new version of the Bagle worm is attempting to turn PCs into zombies for use in botnets.
The variant surfaced over the weekend and was spammed to tens of thousands of Internet users, Ero Carrera, a researcher at F-Secure, said on Tuesday. The antivirus software maker is calling the offshoot Mitglieder.CN, but it is known by other names, such as Bagle.BQ or Tooso.J, at other security companies.
The latest Bagle behaves in a similar way to its predecessors that don't self-propagate. It arrives in an email with an attachment; when the file is executed, the malicious program tries to disable firewalls and antivirus software. It then attempts to download and run a Trojan horse that hijacks the infected PC for use as part of a botnet.
Botnets are groups of compromised PCs, often numbering in the thousands per network, that are generally rented out to relay spam, to launch denial-of-service attacks, or to perform other malicious acts.
"Compromised PCs could be used to send out new variants of Bagle," for example, Carrera said.
Bagle has spawned at least 70 variants since the virus emerged in January 2004. Some iterations have been more sophisticated than others, blending mass-mailing and Trojan horse techniques.
Most antivirus companies updated their products over the weekend to protect customers against the new virus. "It is not going to be a major issue," Mikko Hyppönen, director of research at F-Secure, said on Monday.
Symantec rates the new variant a low risk because it has not spread much. "Our rate of submissions is slowing down on that variant, so we don't consider it to be a significant threat," a Symantec representative said on Monday.






Talkback
PREVENT VIOLATIONS BY AGGRESSIVE DEFENSE
The problems associated with the use of malware are not peculiar to any particular country as the menace is global in nature. The countries all over the world are facing this problem and are trying their level best to eliminate this problem. The problem, however, cannot be effectively curbed unless popular public support and a vigilant judiciary back it. The legislature cannot enact a law against the general public opinion of the nation at large. Thus, first a public support has to be obtained not only at the national level but at the international level as well. The people all over the world are not against the enactment of statutes curbing the use of malware, but they are conscious about their legitimate rights. Thus, the law to be enacted by the legislature must take care of public interest on a priority basis. This can be achieved if a suitable technology is supported by an apt legislation, which can exclusively take care of the menace created by the computers sending the malware. Thus, the self-help measures recognised by the legislature should not be disproportionate and excessive than the threat received by the malware. Further, while using such self-help measures the property and rights of the general public should not be affected. It would also not be unreasonable to demand that such self-help measures should not themselves commit any illegal act or omission. Thus, a demarcating line between self-help and taking law in one’s own hand must be drawn. In the ultimate analysis we must not forget that self-help measures are “watchdogs and not blood-hounds”, and their purpose should be restricted to legitimate and proportionate defensive actions only. If still there remains any doubt or objection, then it will be sufficient to mention that only a computer can react fast enough to take care of the menace of malware and the traditional methods of law enforcement are helpless in this regard.
The problems of lack of harmonisation, doubt regarding jurisdiction, lack of a uniform extradition law between various countries of the world, etc can be solved only by using a legitimate, proportionate and reasonable mechanism of self-help, which is not only instant but also free from technicalities and formalities.